SESSIONS ARE FUN - HELP me.. code provided

radioJGH

i am now trying to create a session for my site.. so it is somewhat secure... here is my code for my login page...

<? 
session_start();
if (isset($username)) {
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Members Area Login</p>
<form method="post" action="http://www.jgarretthood.com/members/authenticateuser.php">
  <p>Username:<br>
    <input type ="text" name="username" size="25" maxlength="25"><br>
<p>Password:</p><br>
<input type="password" name="password" size="25" maxlength="25"></p>
<p><input type="submit" name="signin" value="login"></p>
</form>
</body>
</html>
<?

session_register("username");
session_register("password");
$db_name = "mydbnamehere";
$table_name ="mytablenamehere";
$connection = mysql_connect("localhost", "usernamehere", "passwordhere") or die ("Could not connect to database!");
$db = mysql_select_db("$db_name") or die ("Could not select database");
$sql = "SELECT * FROM $table_name WHERE
        username = '$username' AND password = PASSWORD('$password')";
$result = mysql_query($sql);
if (!$result) {  

die("A database error occurred while checking your login details.");
}
if (mysql_num_rows($result) == 0) {
  session_unregister("username");
  session_unregister("password");
  exit;
}
$username = mysql_result($result,0,"fullname");
?>

here is the code for my session that i include at the beginning of all the other pages...


<? 
session_start();
if (isset($username)) {
exit;
}
session_register("username");
session_register("password");

$db_name = "mydbname";
$table_name ="mytablename";
$connection = mysql_connect("localhost", "username", "password") or die ("Could not connect to database!");
$db = mysql_select_db("$db_name") or die ("Could not select database");
$sql = "SELECT * FROM $table_name WHERE
        username = '$username' AND password = PASSWORD('$password')";
$result = mysql_query($sql);
if (!$result) {  

die("A database error occurred while checking your login details.");
}
if (mysql_num_rows($result) == 0) {
  session_unregister("username");
  session_unregister("password");
  ?>
  <html>
  <head>
  <title> Access Denied </title>
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again.</p>
  </body>
  </html>
  <?
  exit;
}
$username = mysql_result($result,0,"fullname");
?>

MiH

<?php 
session_start();
if(!isset($_SESSION["username"])){
 header("Location: login.php");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Members Area Login</p>
<form method="post" action="http://www.jgarretthood.com/members/authenticateuser.php">
  <p>Username:<br>
    <input type ="text" name="username" size="25" maxlength="25"><br>
<p>Password:</p><br>
<input type="password" name="password" size="25" maxlength="25"></p>
<p><input type="submit" name="signin" value="login"></p>
</form>
</body>
</html>
<?
$db_name = "mydbnamehere";
$table_name ="mytablenamehere";
$connection = mysql_connect("localhost", "usernamehere", "passwordhere") or die ("Could not connect to database!");
$db = mysql_select_db("$db_name") or die ("Could not select database");
$sql = "SELECT fullname FROM $table_name WHERE username = '".$_POST["username"]."' && password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql);
if(mysql_num_rows($result) != 1){
 echo "login wrong.";
}else{
 $row = mysql_fetch_row($result);
 $_SESSION["username"] = $row[0];
}
?>

works fine with php >= 4.2 not with 4.1.2!!!

the code for the next pages:

<?php 
session_start();
if (!isset($_SESSION["username"])){
 header("location: login.php");
}
?>
<html>
  <head>
  <title>Access Denied </title>
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again.</p>
  </body>
</html>

edit:
fixed 🙂
sorry.

radioJGH

ok .. i see.. thanks for that... but i am getting this error...

Parse error: parse error, expecting T_VARIABLE' or'$'' in /home/virtual/site355/fst/var/www/html/members/index.php on line 3

any clue?

RedDragon

replace

Originally posted by MiH

if(isset(!_SESSION["username"])){
 header("Location: login.php");
}

with

if(!isset($_SESSION["username"])){
 header("Location: login.php");
}

radioJGH

nope, still gives me an error

MiH

what errormessage?

radioJGH

i got it to work earlier today....

im decided on using sessions, or cookies... i know ow to do cookies.. but not sessions.. and i hear they are better... can anyone help me here?